Netizens-Digest       Saturday, October 11 2003       Volume 01 : Number 527

Netizens Association Discussion List Digest

In this issue:

    [netz] Media coverage
    [netz] David McGuire article on Verisign 10/4/2003
    Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
    Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
    Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group
    Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group

----------------------------------------------------------------------

Date: Sat, 4 Oct 2003 18:59:15 -0400
From: "Howard C. Berkowitz"
Subject: [netz] Media coverage

Just after I sent my comments on the wildcard issue, I read the note below from Bill Simpson. Bill is a highly respected although controversial member of the Internet engineering process. His achievements include designing PPP. He is also a frequent critic-to-gadfly of the process, but has "paid his dues" such that people listen.

As a silly aside, Bill manages to amuse me in one respect. I had read his work for some time before I met him. Once upon a time, I had a manager who would say thoroughly obnoxious things in such a beautiful voice that one would listen to things that otherwise lead to blows. Bill has such a voice, but I first knew him from a caustic written standpoint.

I just finished reading the Washington Post's coverage at http://www.washingtonpost.com/wp-dyn/articles/A42107-2003Oct3.html, and am as disappointed as Bill was with the New York Times. They cite a Verisign executive, and an executive of another company Paxfire, that tried commercializing a product much like Sitefinder.
In contrast, the Post cited "the close-knit group of engineers and scientists who are familiar with the technology underpinning the Internet" without naming a single name of an acknowledged expert with no financial interest in the type of redirection from Verisign and Paxfire.

I don't find it unreasonable that a reporter should get a specific quote from any relevant expert, such as Paul Vixie, author of the most widely used DNS software, or any of the authors or working group chairs pertaining to DNS standardization and operation.

At 3:01 PM -0400 10/4/03, William Allen Simpson wrote:
>Re: http://www.nytimes.com/2003/10/04/technology/04WEB.html
>
>Today, ELIZABETH OLSON relied upon press releases to write an article
>about the VeriSign hijacking of the .com and .net domain name spaces.
>The article contains a number of errors and misconceptions.
>
>These are not "anecdotal and isolated issues". Network security
>monitors raised the alarm worldwide during the day, many hours before
>VeriSign admitted that they had made the change without any advance
>notice to network operators (in a message to NANOG by "Matt Larson > Mon, 15 Sep 2003 19:24:29 -0400").
>
>This action caused a valid technical Domain Name System (DNS) response
>to disappear. That response is widely expected by software deployed
>over 20 years.
>
>The difficulties with wildcards in the DNS have been under discussion
>for many months (and years) within the Internet Engineering community.
>VeriSign should have known that this action would be a technical error
>that would adversely affect the entire world.
>
>The result was a meltdown at many smaller internet providers, saturated
>links, overloaded mail servers, and lost mail. By extension, this cost
>network operators worldwide hundreds of millions of dollars per day.
>
>It should come as no surprise that there are now lawsuits seeking
>class action status. Surprisingly however, that was not mentioned in
>this article.
>
>Nor is this "whether managing the Internet will be allowed to become
>more commercial". VeriSign does not manage the Internet. VeriSign is
>under contract with public entities (that do manage the Internet) to
>register domain names as a public trust. They violated that trust.
>
>This is not "innovation". This is Fisk and Gould attempting to corner
>the market.
>
>Although contacting a paid VeriSign spokesperson is obviously easier
>than research among a diverse group of network operators, this leads to
>a rather one-sided view. In the future, the New York Times might
>consider using Internet resources, such as email, to contact competent
>persons. In addition to ICANN, the Internet Architecture Board (IAB)
>and/or the North American Network Operators Group (NANOG) are some
>places that such technical assistance might be available.

------------------------------

Date: Sun, 5 Oct 2003 02:34:03 -0400
From: "Howard C. Berkowitz"
Subject: [netz] David McGuire article on Verisign 10/4/2003

Let me begin with appropriate disclaimers and identifiers. While in college in 1966-1967, I was a part-time science writer for The Washington Post, so have some familiarity with the news process.

At the present time, I am an independent consultant in networking and medical computing, with experience including Internet operational design. With respect to the latter, I have four published books, including one on ISP design: _Building Service Provider Networks_ (Wiley). I am a participant in the Internet Engineering Task Force and North American Network Operators' Group. I have no financial interest in Verisign or its competitors.

My concern is first with journalistic balance with respect to sources, and second with technical inaccuracy. The article quotes a Verisign executive, as well as an executive of a firm with a commercial offering similar to Verisign's Sitefinder process.
In contrast, the Post cited "the close-knit group of engineers and scientists who are familiar with the technology underpinning the Internet" without naming a single name of an acknowledged expert on the Domain Name System, the Internet function that translates human-oriented names to computer-oriented Internet addresses. It would be simple to find recognized professionals with no financial interest in the type of redirection from Verisign and Paxfire.

Balanced reporting should cover both sides of the story. There are a great many individuals and firms that were adversely affected by Verisign's action, and considerable sentiment in the worldwide Internet engineering community that the Verisign action was technically unsound, and in a manner that can be demonstrated objectively, interfered with the normal operations of the Internet. While I wouldn't quite call the article a Verisign press release, I'm appalled either that Mr. McGuire failed to obtain opinion from independent, financially disinterested individuals, or, alternatively, that the editorial staff removed such material.

Let me summarize some of the major operational concerns, and not get into the governance issues between Verisign and ICANN. Strong arguments can be made that adding the wildcard (i.e., that which causes any undefined domain to be redirected to Sitefinder) to .com and .net breaks the operational and even protocol aspects of DNS.

A great many network security tools, especially spam filters, depend on checking if domains are undefined. There is a specific DNS protocol message for undefined domain, which the wildcard defeats.

Beyond security, the wildcards have an indirect effect of potentially slowing electronic mail or causing it to be dropped. One thing that Verisign seemed not to consider is that the Internet is more than the Web, and mail agent redirection to Sitefinder provides absolutely no value to the mail-using Netizen.

Here's the problem.
Let's say I misaddress a piece of mail to foo.com, which I shall assume is a nonexistent domain. When an ISP first tries to deliver it without the DNS wildcards, when it discovers there is no such domain, it will treat that as an error, usually returning the mail to sender with an appropriate error message.

With wildcards, however, an unmodified SMTP agent will get back an address (Sitefinder) and try to set up a SMTP session with it. At best, it will discover that Sitefinder does not support mail exchange and treat the message as undeliverable, again returning it.

It's more likely, however, that the SMTP software will decide that since it can find foo.com (with sitefinder's address), a temporary error is interfering with delivery. It will requeue the message for retry. Typically, mail agents try to redeliver for several days, and may or may not return intermediate warning messages.

We now have the effects:

--ANY mail to an incorrectly spelled name gets added to the outgoing mail queue for retry, increasing queue length. Doing so:
    -- slows down mail delivery due to the need for repeatedly processing mail that will never be delivered
    -- consumes queue storage resources and increases ISP costs, which may be passed on to the end user
--Inconveniencing the user, who, if they received a prompt error notification, might discover they spelled an address incorrectly and simply need to correct the message and resend it. With the wildcards, days may elapse before the sender even knows there is a problem.

- --
Howard C. Berkowitz
5012 25th Street South
Arlington VA 22206
(703)998-5819 voice
(703)998-5058 fax (alas, sometimes poorly operated by "helpful" cat)

------------------------------

Date: Sun, 5 Oct 2003 16:47:15 -0400
From: lindeman@bard.edu
Subject: Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group

Howard,

> Many of the discussions on this list have focused on what is wrong.
> It's been quiet for a long time.
> Is it possible, as I hope, that the
> list might focus on lessons learned from something that had positive
> aspects, and see how they might be improved and/or used more widely?

I doubt, alas, that I have much value to contribute to that discussion, but I'll just add a comment on one point in your next paragraph:

> I would note that while the general news media picked up on this
> issue, relatively few covered it well. The grass-roots industry
> response, as well as ICANN's work, often seemed to be treated as one
> corporation spinning another (i.e., Verisign). Some media covered it
> better than others, but I haven't seen anything that really expressed
> the widespread outrage seen on NANOG and elsewhere.

The idea of "grass-roots industry" sounds a bit counterintuitive, but you've documented it very well. Shoot, I'm out of my depth here. A lot of Internet discourse seems to focus either on a somewhat mythical realm of independent individuals, or on the influence of Big Business. Grass-roots industry is somewhat analogous to "small business" (what U.S. observers sometimes call Main Street as opposed to Wall Street). In terms of traditional political theory, Main Street should be a lot better for republican values than Wall Street. It might not be utterly pointless (although I'm sure it is misleading) to think of the Verisign brouhaha as having a similar aspect. The conflict was not business versus the people, nor simply big business vs. small business. But a concentrated interest lost, and that is always interesting and encouraging.

The preceding is more muddled than helpful, but my time is _really_ at a premium this week, and yet I couldn't stand not to respond.

Mark Lindeman

------------------------------

Date: Sun, 5 Oct 2003 17:32:00 -0400
From: "Howard C. Berkowitz"
Subject: Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group

>Howard,
>
>> Many of the discussions on this list have focused on what is wrong.
>> It's been quiet for a long time. Is it possible, as I hope, that the
>> list might focus on lessons learned from something that had positive
>> aspects, and see how they might be improved and/or used more widely?
>
>I doubt, alas, that I have much value to contribute to that
>discussion, but I'll just
>add a comment on one point in your next paragraph:
>
>> I would note that while the general news media picked up on this
>> issue, relatively few covered it well. The grass-roots industry
>> response, as well as ICANN's work, often seemed to be treated as one
>> corporation spinning another (i.e., Verisign). Some media covered it
>> better than others, but I haven't seen anything that really expressed
>> the widespread outrage seen on NANOG and elsewhere.
>
>The idea of "grass-roots industry" sounds a bit counterintuitive, but you've
>documented it very well.

It's probably not the ideal phrase. While Internet engineering is not a formally recognized profession (i.e., with requirements for independence and ethics) such as medicine, law, or accounting, there is a very real sense of community -- or meritocracy -- among a group of people who live by electronic communications. I was referring to the response by those engineers as individuals with all manner of employers. Even though many of the individuals of whom I'm thinking might be employed by large networking equipment vendors or telecommunications carriers, it's just as likely they might be small ISPs, academics, or consultants.

The IETF has long differed from other, more formalized technical standards groups (e.g., ISO, ITU) by being relatively free of politics, and having a generally shared ethic of Doing The Right Thing. Some people object to the IETF process because it doesn't invite "public comment", but the reality is that the development process is completely open to anyone.
The issue is that unless someone demonstrates technical competence in the subject at hand (informally referred to as "having clue"), the culture will ignore them. That culture wants to stay an apolitical enabler of Internet technology, and, in general, comments on the role of the technology in broader nontechnical political issues are unwelcome.

On the NANOG list, there was a sense of outrage, as well as real concern over operational impact, of this latest Verisign revenue play. This isn't the first time that Verisign has gotten in trouble over what may be a very basic conflict of interest between the role of legitimately profit-making registrar, versus public stewardship registry. See, for example, http://www.washingtonpost.com/wp-dyn/articles/A61407-2003Sep24.html, where Verisign settled a Federal Trade Commission charge that they used their position as regisTRY (i.e., as data base custodian and recognized authority) to send out misleading notices that people needed to renew domain registrations, with a link that would send them to Verisign's regisTRAR function.

In another business area, Verisign is also one of the leading Certification Authorities and Registration Authorities for public keys/digital security certificates. Again, a role requiring a great deal of trust.

>Shoot, I'm out of my depth here. A lot of Internet
>discourse seems to focus either on a somewhat mythical realm of independent
>individuals, or on the influence of Big Business. Grass-roots
>industry is somewhat
>analogous to "small business" (what U.S. observers sometimes call Main Street
>as opposed to Wall Street).

I didn't mean to refer to small or large business; I meant to refer to engineers in both.

> In terms of traditional political theory, Main Street
>should be a lot better for republican values than Wall Street. It
>might not be utterly
>pointless (although I'm sure it is misleading) to think of the
>Verisign brouhaha as
>having a similar aspect.
>The conflict was not business versus the people, nor
>simply big business vs. small business. But a concentrated interest
>lost, and that
>is always interesting and encouraging.
>
>The preceding is more muddled than helpful, but my time is _really_
>at a premium
>this week, and yet I couldn't stand not to respond.
>
>Mark Lindeman

------------------------------

Date: Sun, 5 Oct 2003 20:49:56 -0400
From: lindeman@bard.edu
Subject: Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group

Howard,

> It's probably not the ideal phrase. While Internet engineering is not
> a formally recognized profession (i.e., with requirements for
> independence and ethics) such as medicine, law, or accounting, there
> is a very real sense of community -- or meritocracy -- among a group
> of people who live by electronic communications. I was referring to
> the response by those engineers as individuals with all manner of
> employers.[...huge snip]
> I didn't mean to refer to small or large business; I meant to refer
> to engineers in both.

Yeah, I think I can accommodate that within my muddled thought process, but I don't quite have a language for what I intend to say. I'm thinking from the standpoint of the Federalist Papers. The Federalists worry a lot about balancing all sorts of power relations, but they seem also to hope for a meritocracy (not of engineers, of course) that crosses factional divides of interest. Ah, I know how I could avoid the economic red herring, at the small cost of general incomprehensibility: you are describing Internet engineers as an epistemic community. Strike that -- rather, your description of Internet engineers is superficially compatible with my understanding of what certain political scientists have called "epistemic community." (The phrase has been taken in different directions, as a quick Google underscored.
I even found one article that uses "global Internet community" and "global epistemic community" more or less interchangeably.)

Mark Lindeman

------------------------------

Date: Mon, 6 Oct 2003 16:23:02 -0400
From: "Howard C. Berkowitz"
Subject: Re: [netz] Fwd: VeriSign Capitulates posts from the North American Network Operators Group

>Howard,
>
>> It's probably not the ideal phrase. While Internet engineering is not
>> a formally recognized profession (i.e., with requirements for
>> independence and ethics) such as medicine, law, or accounting, there
>> is a very real sense of community -- or meritocracy -- among a group
>> of people who live by electronic communications. I was referring to
>> the response by those engineers as individuals with all manner of
>> employers.[...huge snip]
>> I didn't mean to refer to small or large business; I meant to refer
>> to engineers in both.
>
>Yeah, I think I can accommodate that within my muddled thought process, but I
>don't quite have a language for what I intend to say. I'm thinking from the
>standpoint of the Federalist Papers. The Federalists worry a lot
>about balancing
>all sorts of power relations, but they seem also to hope for a
>meritocracy (not of
>engineers, of course) that crosses factional divides of interest.
>Ah, I know how I
>could avoid the economic red herring, at the small cost of general
>incomprehensibility: you are describing Internet engineers as an epistemic
>community. Strike that -- rather, your description of Internet engineers is
>superficially compatible with my understanding of what certain
>political scientists
>have called "epistemic community." (The phrase has been taken in different
>directions, as a quick Google underscored. I even found one article that
>uses "global Internet community" and "global epistemic community" more or less
>interchangeably.)
After my own google, I like the discussion at http://www.svet.lu.se/webcourses/webkurser/002_Politisk_kommunikation/Grundlaeggande/Extra_resurser/Sem6_resurser/epistcomm.pdf

This brings up some immediate questions beyond the original point of my thread. Assuming the Internet engineering community forms an epistemic community A, do our definitions of "Netizen" meet the criteria for such a community B? If so, what is the relationship of A and B? Overlapping? A is a subset of B? Disjoint sets, if A's technocratic barriers to entry are emphasized?

On a slightly different note, I've been asked to come to the ICANN Security and Stability Committee meeting tomorrow, which will examine the Verisign DNS matter. I think I can make it. Will report back. Was on the phone until 2AM talking to the epistemic community of engineers, and have been communicating quite a bit today. This has also spread to the Internet Law list of the American Bar Association; I just got on that list.

------------------------------

End of Netizens-Digest V1 #527
******************************